[ Sorry for spamming exim-dev but I believe that the PCRE maintainer lurks there and not on exim-users :-]
RedHat have released an update to pcre 6.6
http://www.linuxcompatible.org/RHSA-20070967-01_Critical_pcre_security_update_p99769.html
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pcre-6.6-2.el5_0.1.src.rpm

The redhat bugzilla for one of these flaws
https://bugzilla.redhat.com/show_bug.cgi?id=315871
suggests that another case of a lone \E inside a character class remained; this has been fixed in 7.3.

exim-4.68 includes pcre 7.2, which is presumably vulnerable.

I suspect that within exim pcre does not parse user-supplied expressions, so this is not a major vulnerability, but is anyone in a position to confirm this, or do we need to release an updated version of exim?

--
Dr. Andrew C. Aitchison
Computer Officer, DPMMS, Cambridge
[EMAIL PROTECTED]
http://www.dpmms.cam.ac.uk/~werdna
